Share this article
Russian-Speaking Groups Responsible for Majority of Crypto Ransomware Attacks in 2023: TRM Labs
Inflows to Russia-based crypto exchange Garantex accounted for 82% of the crypto volumes that belonged to sanctioned entities internationally, the report added.
Updated Jul 25, 2024, 12:00 p.m. Published Jul 25, 2024, 12:00 p.m.
- Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023.
- In 2023 Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web.
- Inflows to Russia-based exchange, Garantex, accounted for 82% of the crypto from sanctioned entities, despite restrictions being imposed due to the war on Ukraine.
Illicit use of crypto for ransomware, drug sales, and sanction evasion was rife in Russia in 2023 according to a report by TRM Labs on Thursday.
Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023, which exceeded $500 million. Ransomware is a type of malware that prevents a user from accessing a device until a sum is paid.
STORY CONTINUES BELOW
The two largest ransomware operators in 2023 were Lockbit and ALPHV/Black Cat, both Russian-speaking groups. However, in February the U.K. National Crime Agency said it had managed to take control of Lockbits services "compromising their entire criminal enterprise," according to an article at the time.
In 2023, Russian exchange Garantex accounted for 82% of the crypto volumes from sanctioned entities internationally, the report said.
Due to Russia's war on Ukraine, nations around the world placed sanctions on the country leading to some turning to crypto to evade them. U.S. sanctions watchdog, the Office of Foreign Assets Control (OFAC) blacklisted a bitcoin and ether address last year tied to sanctions evasion. Plus, U.S. federal prosecutors alleged in 2022 that five Russian nationals had laundered millions of dollars worth of crypto.
In 2023 Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web, the report added.
"Russian speaking threat actors are unique in the breadth of their malign activity," the report said.
However, North Korea remains the world’s hacking superpower and has been responsible for stealing close to $1 billion in cryptocurrency in 2023 according to the report.
Meer voor jou
Wat u moet weten:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Sizin için daha fazlası
Crypto bank Custodia files petition for a rehearing by all appellate judges
The Wyoming-based cryptocurrency bank argued that the three-judge panel undermined state banking authorities, raising “serious constitutional questions”
Bilinmesi gerekenler:
- Custodia Bank has filed a petition for a rehearing en banc with the Tenth Circuit Court of Appeals in its legal battle against the Federal Reserve.
- The bank argues that the Fed's denial of a master account undermines state banking authority and raises constitutional concerns.
- The October ruling against Custodia is a significant setback in its efforts to gain access to the U.S. payments system.
Top Stories
